deepceleron
Legendary
 Offline
Activity: 1512
Merit: 1028
|
 |
March 18, 2012, 06:36:31 PM
Last edit: March 18, 2012, 06:47:18 PM by deepceleron |
|
Could this be a vulnerability, or backdoor introduced by any popular mining software programmer,
which might be stealing and redirecting a % of hashing power ?
(my apologies to all good faith programmers for the accusations pulled out of my ass)
Miners would see network connections to somewhere else than their pool, and would earn less than expected. The majority of mining software is open-source, so you would have to be distributing an exe that is made with different source than you have published. And even if 25% of all Bitcoin miners were using such software, it would take half their work being diverted to equal the mystery miner's hashrate. I think it is most likely that an independent party has spent the money to make an ASIC farm, and found it easier to implement without including transactions. Becoming 20% of the network is about where you would find maximum profitability - if you doubled the total network hashrate yourself, you would only be earning 50% as many bitcoins per Thash. |
|
|
|
|
|
|
|
|
|
Unlike traditional banking where clients have only a few account numbers, with Bitcoin people can create an unlimited number of accounts (addresses). This can be used to easily track payments, and it improves anonymity.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
MrTeal
Legendary
Offline
Activity: 1274
Merit: 1004
|
|
March 18, 2012, 07:04:29 PM |
|
I think it is most likely that an independent party has spent the money to make an ASIC farm, and found it easier to implement without including transactions. Becoming 20% of the network is about where you would find maximum profitability - if you doubled the total network hashrate yourself, you would only be earning 50% as many bitcoins per Thash.
Forgive my newbish ignorance, but depending on how they implemented it if a single entity actually reached 50% of the network with a cASIC would it not lead to basically the end of BTC? If you're a major miner you could look at developing your own ASIC, but the majority of the cost is already sunk for the 50% miner and they could simply churn out more wafers with the same mask. It might not be in the interest of the mystery miner to do a 51% attack, but it would be incredibly risky to sink hundreds of thousands or millions of dollars into a cASIC design when there's a very good possibility that the person who's already at 50% could disrupt the network before your hashing power comes online. |
|
|
|
|
Littleshop
Legendary
Offline
Activity: 1386
Merit: 1003
|
|
March 18, 2012, 07:53:55 PM |
|
I am figuring it is a botnet. With botnets reaching past 1 million computers someone must have selected a group of computers with good GPU's in them. Imagine good GPU's in 1% of machines, breaking them off as a seperate botnet. Now run them at low levels, do not run them hard enough for fans to get aggressive or any slowdown. 10,000 machines could make 2TH ran slowly. The internet connection usage would be kept to a minimum by only getting the bare minimum information (no transactions) and relaying back only when a block is found. This could live under the radar on a machine for a long time if they did nothing else with the pwned machine. And for $3000 a day, they would not have to resort to any other uses.
Of course it could be 5000-50000 machines in play.... But this is what I think it is.
|
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
March 18, 2012, 07:57:08 PM |
|
I am figuring it is a botnet. With botnets reaching past 1 million computers someone must have selected a group of computers with good GPU's in them. Imagine good GPU's in 1% of machines, breaking them off as a seperate botnet. Now run them at low levels, do not run them hard enough for fans to get aggressive or any slowdown. 10,000 machines could make 2TH ran slowly. The internet connection usage would be kept to a minimum by only getting the bare minimum information (no transactions) and relaying back only when a block is found. This could live under the radar on a machine for a long time if they did nothing else with the pwned machine. And for $3000 a day, they would not have to resort to any other uses.
Of course it could be 5000-50000 machines in play.... But this is what I think it is.
+1. When most people think "botnet", they seem to be considering only CPU power - but it is entirely possible that the compromised machines have GPUs - and if the user from IRC is to be believed, this is indeed the case, from looking at his hardware manifest. |
|
|
|
ArticMine
Legendary
Offline
Activity: 2282
Merit: 1050
Monero Core Team
|
|
March 18, 2012, 08:21:01 PM |
|
I am figuring it is a botnet. With botnets reaching past 1 million computers someone must have selected a group of computers with good GPU's in them. Imagine good GPU's in 1% of machines, breaking them off as a seperate botnet. Now run them at low levels, do not run them hard enough for fans to get aggressive or any slowdown. 10,000 machines could make 2TH ran slowly. The internet connection usage would be kept to a minimum by only getting the bare minimum information (no transactions) and relaying back only when a block is found. This could live under the radar on a machine for a long time if they did nothing else with the pwned machine. And for $3000 a day, they would not have to resort to any other uses.
Of course it could be 5000-50000 machines in play.... But this is what I think it is.
+1. When most people think "botnet", they seem to be considering only CPU power - but it is entirely possible that the compromised machines have GPUs - and if the user from IRC is to be believed, this is indeed the case, from looking at his hardware manifest. This alone does not explain the drop in "luck"; however when combined with discarding the golden nonces on legitimate miners it does make a lot of sense. Why discard the golden nonces? To lower the overall difficulty |
|
|
|
|
pieppiep
|
|
March 18, 2012, 08:25:33 PM |
|
I am figuring it is a botnet. With botnets reaching past 1 million computers someone must have selected a group of computers with good GPU's in them. Imagine good GPU's in 1% of machines, breaking them off as a seperate botnet. Now run them at low levels, do not run them hard enough for fans to get aggressive or any slowdown. 10,000 machines could make 2TH ran slowly. The internet connection usage would be kept to a minimum by only getting the bare minimum information (no transactions) and relaying back only when a block is found. This could live under the radar on a machine for a long time if they did nothing else with the pwned machine. And for $3000 a day, they would not have to resort to any other uses.
Of course it could be 5000-50000 machines in play.... But this is what I think it is.
Requesting work from a pool with transactions or without transactions is the same amount of data for the clients. |
|
|
|
|
deepceleron
Legendary
Offline
Activity: 1512
Merit: 1028
|
|
March 18, 2012, 08:29:06 PM |
|
I am figuring it is a botnet. With botnets reaching past 1 million computers someone must have selected a group of computers with good GPU's in them. Imagine good GPU's in 1% of machines, breaking them off as a seperate botnet. Now run them at low levels, do not run them hard enough for fans to get aggressive or any slowdown. 10,000 machines could make 2TH ran slowly. The internet connection usage would be kept to a minimum by only getting the bare minimum information (no transactions) and relaying back only when a block is found. This could live under the radar on a machine for a long time if they did nothing else with the pwned machine. And for $3000 a day, they would not have to resort to any other uses.
Of course it could be 5000-50000 machines in play.... But this is what I think it is.
+1. When most people think "botnet", they seem to be considering only CPU power - but it is entirely possible that the compromised machines have GPUs - and if the user from IRC is to be believed, this is indeed the case, from looking at his hardware manifest. This alone does not explain the drop in "luck"; however when combined with discarding the golden nonces on legitimate miners it does make a lot of sense. Why discard the golden nonces? To lower the overall difficulty -1 for saying "golden nonces".  |
|
|
|
|
Littleshop
Legendary
Offline
Activity: 1386
Merit: 1003
|
|
March 18, 2012, 08:44:43 PM |
|
I am figuring it is a botnet. With botnets reaching past 1 million computers someone must have selected a group of computers with good GPU's in them. Imagine good GPU's in 1% of machines, breaking them off as a seperate botnet. Now run them at low levels, do not run them hard enough for fans to get aggressive or any slowdown. 10,000 machines could make 2TH ran slowly. The internet connection usage would be kept to a minimum by only getting the bare minimum information (no transactions) and relaying back only when a block is found. This could live under the radar on a machine for a long time if they did nothing else with the pwned machine. And for $3000 a day, they would not have to resort to any other uses.
Of course it could be 5000-50000 machines in play.... But this is what I think it is.
Requesting work from a pool with transactions or without transactions is the same amount of data for the clients. Yes, if they are indeed working that way. The miners may be doing all the work as solo and relaying the finished work (only when found) as well to a central location. That location may not actually be physically owned by the botnet, it may be just one machine (pwned) running the proper software to relay the finished block. If something goes wrong with that machine, they get another ip. If this IP moves from country to country it might help back up this theory. |
|
|
|
|
|
wogaut
Donator
Sr. Member
Offline
Activity: 448
Merit: 250
|
|
March 18, 2012, 10:09:59 PM |
|
Just seeing that 88.6.216.9 is on several blacklists
bl.spameatingmonkey.net
cblplus.anti-spam.org.cn
pbl.spamhaus.org
spam.dnsbl.sorbs.net
The whole botnet seems not farfetched.
|
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
|
|
March 18, 2012, 10:23:34 PM |
|
I think it is most likely that an independent party has spent the money to make an ASIC farm, and found it easier to implement without including transactions. Becoming 20% of the network is about where you would find maximum profitability - if you doubled the total network hashrate yourself, you would only be earning 50% as many bitcoins per Thash.
Forgive my newbish ignorance, but depending on how they implemented it if a single entity actually reached 50% of the network with a cASIC would it not lead to basically the end of BTC? If you're a major miner you could look at developing your own ASIC, but the majority of the cost is already sunk for the 50% miner and they could simply churn out more wafers with the same mask. It might not be in the interest of the mystery miner to do a 51% attack, but it would be incredibly risky to sink hundreds of thousands or millions of dollars into a cASIC design when there's a very good possibility that the person who's already at 50% could disrupt the network before your hashing power comes online. On the one hand, you're right. If I recall correctly, ArtForz once put it along these lines: Above 50% you're effectively competing against yourself. While it would not directly mean the end of BTC (let's say the >50% miner is benevolent), but it would probably make people feel so uneasy that the trust in bitcoin would deteriorate more and more, probably to the point where the whole things falls apart. So actually what you'd probably want to do in case you have all the up-front work and cost of ASIC covered is to sell about 50% of your production at the highest price you can get and put the other 50% into your own farm. |
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
|
|
March 18, 2012, 10:27:02 PM |
|
+1. When most people think "botnet", they seem to be considering only CPU power - but it is entirely possible that the compromised machines have GPUs - and if the user from IRC is to be believed, this is indeed the case, from looking at his hardware manifest.
Seems to me percentage of gaming machines with GPU would be higher in a botnet than in a sample containing "all kinds of machine", because gamers probably tend to run untrusted .exe files and point their browsers to "dangerous" sites above average. They might make up for that by being more knowledgeable and careful about security, but I think the first effect is larger. |
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
Littleshop
Legendary
Offline
Activity: 1386
Merit: 1003
|
|
March 18, 2012, 11:10:40 PM |
|
I think it is most likely that an independent party has spent the money to make an ASIC farm, and found it easier to implement without including transactions. Becoming 20% of the network is about where you would find maximum profitability - if you doubled the total network hashrate yourself, you would only be earning 50% as many bitcoins per Thash.
Forgive my newbish ignorance, but depending on how they implemented it if a single entity actually reached 50% of the network with a cASIC would it not lead to basically the end of BTC? If you're a major miner you could look at developing your own ASIC, but the majority of the cost is already sunk for the 50% miner and they could simply churn out more wafers with the same mask. It might not be in the interest of the mystery miner to do a 51% attack, but it would be incredibly risky to sink hundreds of thousands or millions of dollars into a cASIC design when there's a very good possibility that the person who's already at 50% could disrupt the network before your hashing power comes online. On the one hand, you're right. If I recall correctly, ArtForz once put it along these lines: Above 50% you're effectively competing against yourself. While it would not directly mean the end of BTC (let's say the >50% miner is benevolent), but it would probably make people feel so uneasy that the trust in bitcoin would deteriorate more and more, probably to the point where the whole things falls apart. So actually what you'd probably want to do in case you have all the up-front work and cost of ASIC covered is to sell about 50% of your production at the highest price you can get and put the other 50% into your own farm. If it is a botnet that continues 1 trans blocks (or any fakery of non-real transactions), i hope they realize that anything over 25% will cause the community to really work hard to stop it, and that the distortion of both the selling of the coins and the lost confidence will actually make them have LESS PROFIT. Adding too many machines will kill their $3000 a day. |
|
|
|
MrTeal
Legendary
Offline
Activity: 1274
Merit: 1004
|
|
March 18, 2012, 11:17:13 PM |
|
Seems to me percentage of gaming machines with GPU would be higher in a botnet than in a sample containing "all kinds of machine", because gamers probably tend to run untrusted .exe files and point their browsers to "dangerous" sites above average. They might make up for that by being more knowledgeable and careful about security, but I think the first effect is larger.
I would have thought gamers would be less likely to pick up malware and viruses than your average user. Gamers might venture into dangerous sites, but are they any worse than the majority of people who open emails with an "OMG_Kitties_Inside.ppt" attachment? The number of people who I've seen fall prey to even simple things like the "Your computer has a virus, click here to run a free scan." messages is pretty incredible. |
|
|
|
|
|
bulanula
|
|
March 18, 2012, 11:21:09 PM |
|
If it is a botnet that continues 1 trans blocks (or any fakery of non-real transactions), i hope they realize that anything over 25% will cause the community to really work hard to stop it, and that the distortion of both the selling of the coins and the lost confidence will actually make them have LESS PROFIT. Adding too many machines will kill their $3000 a day. Any genius idea how you can do that ? BTC is not ran by a maniac like RealScam that can turn off clients he does not like with his pig nodes. If this guy reaches over 50% then we are all royally screwed. BTC is inherently insecure and somebody really needs to fix the 51% issue. "It will not happen" is not a technological fix and just a lame ass excuse to avoid working on improving the blockchain POW system we currently have. Nobody is perfect, not even Satoshi or BTC ... BTW the IP is now http://blockchain.info/ip-address/85.214.124.168 |
|
|
|
|
Littleshop
Legendary
Offline
Activity: 1386
Merit: 1003
|
|
March 18, 2012, 11:28:30 PM |
|
It would be hard, but a consensus of users (who stand to profit by stopping the deterioration of bitcoin) could come up reasonable formulas for the acceptance of transactions in blocks. The 1 trans miner could fix the problem and continue or try to resist. The point is the 1 trans miner would be working against bitcoin and therefore his juicy profits if he did resist. If they are smarter they will either fix it (which could be including just paid transactions) or keep to the rough level they are at now.
Just because one has a ton of power, does not mean using all is in their own best interest. There is a bell curve of profitability for this situation, and they are pretty close to the top right now.
|
|
|
|
|
PulsedMedia
|
|
March 19, 2012, 12:18:11 AM |
|
It would be hard, but a consensus of users (who stand to profit by stopping the deterioration of bitcoin) could come up reasonable formulas for the acceptance of transactions in blocks. The 1 trans miner could fix the problem and continue or try to resist. The point is the 1 trans miner would be working against bitcoin and therefore his juicy profits if he did resist. If they are smarter they will either fix it (which could be including just paid transactions) or keep to the rough level they are at now.
Just because one has a ton of power, does not mean using all is in their own best interest. There is a bell curve of profitability for this situation, and they are pretty close to the top right now.
Never, ever underestimate the stupidity of a script kiddie.I just had a script kiddie threaten all kinds of DDoS type of attacks on our business, and even log entries with his IP trying to gain access to one of our control panels, and he threatened under his own name, his full contact details inputted into our system and publicly available, and he hosts warez sites under his real identity. Googling his name resulted in his facebook, google plus accounts plus a lot of other information confirming his identity. Script kiddies are the most intellectually challenged, ego driven maniacs you can think of. certain things just don't "compute" for them. and that's not even the only case, i've seen people bragging about doing DoS type of attacks, under their own real name, all verifiable what has happened, and every bit of evidence pointing to them, like asking to get jailed! As for 51% attack, as bitcoin grows it becomes even harder and harder to pull of, eventually being near impossible to pull of. Before that point is met, it's just expected that some people might come close to that. But as BTC value drives up, so does miner rewards and that much harder it becomes! |
|
|
|
wogaut
Donator
Sr. Member
Offline
Activity: 448
Merit: 250
|
|
March 19, 2012, 01:19:23 AM |
|
If this guy reaches over 50% then we are all royally screwed. BTC is inherently insecure and somebody really needs to fix the 51% issue.
"It will not happen" is not a technological fix and just a lame ass excuse to avoid working on improving the blockchain POW system we currently have.
Nobody is perfect, not even Satoshi or BTC ...
I agree, if this catches on and he or a collective of botnets reaches >51% we'll be reporting to criminals re "improvements" to the bitcoin protocol. As for 51% attack, as bitcoin grows it becomes even harder and harder to pull of, eventually being near impossible to pull of. Before that point is met, it's just expected that some people might come close to that. But as BTC value drives up, so does miner rewards and that much harder it becomes!
This is the typical and IMO arrogant excuse that's been repeated like a dogma over and over. Close our eyes, have faith in Satoshi's bible and all will be well. Oh well... |
|
|
|
|
PulsedMedia
|
|
March 19, 2012, 03:14:03 AM |
|
This is the typical and IMO arrogant excuse that's been repeated like a dogma over and over. Close our eyes, have faith in Satoshi's bible and all will be well.
Oh well...
Doesn't take a genious to do the maths. If there is 500Th going on, even getting BFL Minirigs (15k $, ~20Ghash/s) at 10% price would require 375 000 000$ to make 50% ... Nevermind the ~3.1MW consumption ... |
|
|
|
DeepBit
Donator
Hero Member
Offline
Activity: 532
Merit: 501
We have cookies
|
|
March 19, 2012, 03:29:23 AM |
|
Requesting work from a pool with transactions or without transactions is the same amount of data for the clients. Yes, if they are indeed working that way. The miners may be doing all the work as solo and relaying the finished work (only when found) as well to a central location. If they are mining solo then all the nodes have to be a part of bitcoin p2p for getting info on new blocks, so TX information will be available to the nodes anyway. Unless they are getting work from central nodes or support their own p2p. |
Welcome to my bitcoin mining pool: https://deepbit.net ~ 3600 GH/s, Both payment schemes, instant payout, no invalid blocks ! Coming soon: ICBIT Trading platform |
|
|
|
